1 /***************************************************************************
2 * Copyright (c) 2024 Microsoft Corporation
3 *
4 * This program and the accompanying materials are made available under the
5 * terms of the MIT License which is available at
6 * https://opensource.org/licenses/MIT.
7 *
8 * SPDX-License-Identifier: MIT
9 **************************************************************************/
10
11
12 /**************************************************************************/
13 /**************************************************************************/
14 /** */
15 /** NetX Secure Component */
16 /** */
17 /** Datagram Transport Layer Security (DTLS) */
18 /** */
19 /**************************************************************************/
20 /**************************************************************************/
21
22 #define NX_SECURE_SOURCE_CODE
23
24 #include "nx_secure_dtls.h"
25
26 /**************************************************************************/
27 /* */
28 /* FUNCTION RELEASE */
29 /* */
30 /* _nx_secure_dtls_server_local_certificate_remove PORTABLE C */
31 /* 6.2.1 */
32 /* AUTHOR */
33 /* */
34 /* Timothy Stapko, Microsoft Corporation */
35 /* */
36 /* DESCRIPTION */
37 /* */
38 /* This function removes a local server identity certificate from a */
39 /* DTLS server instance, either using the Common Name or the */
40 /* certificate id ("cert_id" parameter) assigned when the certificate */
41 /* was added. */
42 /* */
43 /* INPUT */
44 /* */
45 /* server_ptr DTLS server control block */
46 /* common_name Certificate Common Name */
47 /* common_name_length Length of Common Name */
48 /* cert_id Numeric ID for certificate */
49 /* */
50 /* OUTPUT */
51 /* */
52 /* status Completion status */
53 /* */
54 /* CALLS */
55 /* */
56 /* _nx_secure_tls_server_certificate_remove */
57 /* Remove certificate using ID */
58 /* _nx_secure_tls_local_certificate_remove */
59 /* Remove certificate using CN */
60 /* */
61 /* CALLED BY */
62 /* */
63 /* Application Code */
64 /* */
65 /* RELEASE HISTORY */
66 /* */
67 /* DATE NAME DESCRIPTION */
68 /* */
69 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
70 /* 09-30-2020 Timothy Stapko Modified comment(s), and */
71 /* fixed compiler warnings, */
72 /* resulting in version 6.1 */
73 /* 03-08-2023 Yanwu Cai Modified comment(s), */
74 /* fixed compiler errors when */
75 /* x509 is disabled, */
76 /* resulting in version 6.2.1 */
77 /* */
78 /**************************************************************************/
_nx_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER * server_ptr,UCHAR * common_name,UINT common_name_length,UINT cert_id)79 UINT _nx_secure_dtls_server_local_certificate_remove(NX_SECURE_DTLS_SERVER *server_ptr,
80 UCHAR *common_name, UINT common_name_length, UINT cert_id)
81 {
82 #if defined(NX_SECURE_ENABLE_DTLS) && !defined(NX_SECURE_DISABLE_X509)
83 UINT status;
84 UINT i;
85 NX_SECURE_DTLS_SESSION *current_session;
86 NX_SECURE_TLS_SESSION *tls_session;
87 NX_SECURE_X509_CERT *list_head = NX_NULL;
88 UINT num_sessions;
89
90 /* Figure out number of sessions. */
91 num_sessions = server_ptr -> nx_dtls_server_sessions_count;
92
93 /* Remove certificate from the first session. */
94 if (num_sessions > 0)
95 {
96 /* Get the first session. */
97 current_session = &(server_ptr -> nx_dtls_server_sessions[0]);
98
99 /* Get the internal TLS session instance. */
100 tls_session = &(current_session -> nx_secure_dtls_tls_session);
101
102 if(cert_id > 0)
103 {
104 /* Remove the server certificate with the provided ID. */
105 status = _nx_secure_tls_server_certificate_remove(tls_session, cert_id);
106 }
107 else
108 {
109 /* Remove the server certificate with the provided CN. */
110 status = _nx_secure_tls_local_certificate_remove(tls_session, common_name, common_name_length);
111 }
112
113 if(status != NX_SUCCESS)
114 {
115 return(status);
116 }
117
118 /* Store the certificates list head for other sessions. */
119 list_head = tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_local_certificates;
120 }
121
122 /* Remove certificate from the remaining sessions. */
123 for(i = 1; i < num_sessions; ++i)
124 {
125 /* Get the current session. */
126 current_session = &(server_ptr -> nx_dtls_server_sessions[i]);
127
128 /* Get the internal TLS session instance. */
129 tls_session = &(current_session -> nx_secure_dtls_tls_session);
130
131 /* Set the local certificates list to the same as the first session. */
132 tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store.nx_secure_x509_local_certificates = list_head;
133 }
134
135 return(NX_SUCCESS);
136 #else
137 NX_PARAMETER_NOT_USED(server_ptr);
138 NX_PARAMETER_NOT_USED(common_name);
139 NX_PARAMETER_NOT_USED(common_name_length);
140 NX_PARAMETER_NOT_USED(cert_id);
141
142 return(NX_NOT_SUPPORTED);
143 #endif /* NX_SECURE_ENABLE_DTLS && !NX_SECURE_DISABLE_X509 */
144 }
145
146
